May 04, 2017

"It's tough to make predictions, especially about the future." - variously attributed to Yogi Berra and Niels Bohr

Right. So let's say you are visited by transdimensional space aliens from outer space. There's some old-fashioned probing, but eventually, they get to the point. They outline a series of apocalyptic prophecies, beginning with the surprise 2032 election of Dwayne Elizondo Mountain Dew Herbert Camacho as the President of the United States, followed by a limited-scale nuclear exchange with the Grand Duchy of Ruritania in 2036, and culminating with the extinction of all life due to a series of cascading Y2K38 failures that start at an Ohio pretzel reprocessing plant. Long story short, if you want to save mankind, you have to warn others of what's to come.

But there's a snag: when you wake up in a roadside ditch in Alabama, you realize that nobody is going to believe your story! If you come forward, your professional and social reputation will be instantly destroyed. If you're lucky, the vindication of your claims will come fifteen years later; if not, it might turn out that you were pranked by some space alien frat boys who just wanted to have some cheap space laughs. The bottom line is, you need to be certain before you make your move. You figure this means staying mum until the Election Day of 2032.

But wait, this plan is also not very good! After all, how could your future self convince others that you knew about President Camacho all along? Well... if you work in information security, you are probably familiar with a neat solution: write down your account of events in a text file, calculate a cryptographic hash of this file, and publish the resulting value somewhere permanent. Fifteen years later, reveal the contents of your file and point people to your old announcement. Explain that you must have been in the possession of this very file back in 2017; otherwise, you would not have known its hash. Voila - a commitment scheme!

Although elegant, this approach can be risky: historically, the usable life of cryptographic hash functions seemed to hover at somewhere around 15 years - so even if you pick a very modern algorithm, there is a real risk that future advances in cryptanalysis could severely undermine the strength of your proof. No biggie, though! For extra safety, you could combine several independent hashing functions, or increase the computational complexity of the hash by running it in a loop. There are also some less-known hash functions, such as SPHINCS, that are designed with different trade-offs in mind and may offer longer-term security guarantees.
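The commit-and-reveal idea from the last two paragraphs, with several independent hash functions combined, as an added example that is not code from the original post. The random nonce, the choice of algorithms and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Independent designs (SHA-2, SHA-3 sponge, BLAKE2): the commitment holds as
# long as at least one of them is still collision-resistant at reveal time.
ALGORITHMS = ("sha512", "sha3_512", "blake2b")
NONCE_LEN = 32


def commit(prediction, nonce=None):
    """Return (nonce, digests): publish the digests, keep nonce and text secret."""
    # Assumption added in this example: a random nonce, so a short or guessable
    # prediction cannot be recovered from the public digests by brute force.
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    message = nonce + prediction  # fixed-length nonce keeps the split unambiguous
    return nonce, {a: hashlib.new(a, message).hexdigest() for a in ALGORITHMS}


def verify(prediction, nonce, published, trusted=ALGORITHMS):
    """Check a revealed (prediction, nonce) pair against the published digests.

    Every published digest must match, and at least one of them must come from
    an algorithm in `trusted` (those still considered unbroken at reveal time).
    """
    if len(nonce) != NONCE_LEN:
        return False
    message = nonce + prediction
    matched_trusted = False
    for name, expected in published.items():
        actual = hashlib.new(name, message).hexdigest()
        if not hmac.compare_digest(actual, expected):
            return False  # any mismatch: this is not the committed file
        matched_trusted = matched_trusted or name in trusted
    return matched_trusted


if __name__ == "__main__":
    text = b"2032: Camacho elected. (constructed sample prediction)"
    nonce, digests = commit(text)
    for name, value in digests.items():
        print(name, value)  # these lines are what gets published in 2017
    print("reveal verifies:", verify(text, nonce, digests))
    print("altered text verifies:", verify(text + b"!", nonce, digests))
```

Passing a shorter `trusted` tuple at reveal time models the case where some of the published algorithms have been broken in the meantime.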

Of course, the computation of the hash is not enough; it needs to become an immutable part of the public record and remain easy to look up for years to come. There is no guarantee that any particular online publishing outlet is going to stay afloat that long and continue to operate in its current form. The survivability of more specialized and experimental platforms, such as blockchain-based notaries, seems even less clear. Thankfully, you can resort to another kludge: if you publish the hash through a large number of independent online venues, there is a good chance that at least one of them will be around in 2032.

(Offline notarization - whether of the pen-and-paper or the PKI-based variety - offers an interesting alternative. That said, in the absence of an immutable, public ledger, accusations of forgery or collusion would be very easy to make - especially if the fate of the entire planet is at stake.)

Even with this out of the way, there is yet another profound problem with the plan: a current-day scam artist could conceivably generate hundreds or thousands of political predictions, publish the hashes, and then simply discard or delete the ones that do not come true by 2032 - thus creating an illusion of prescience. To convince skeptics that you are not doing just that, you could incorporate a cryptographic proof of work into your approach, attaching a particular CPU time "price tag" to every hash. The future you could then claim that it would have been prohibitively expensive for the former you to attempt the "prediction spam" attack. But this argument seems iffy: a $1,000 proof may already be too costly for a lower middle class abductee, while a determined tech billionaire could easily spend $100,000 to pull off an elaborate prank on the entire world. Not to mention, massive CPU resources can be commandeered with little or no effort by the operators of large botnets and many other actors of this sort.

In the end, my best idea is to rely on an inherently low-bandwidth publication medium, rather than a high-cost one. For example, although a determined hoaxer could place thousands of hash-bearing classifieds in some of the largest-circulation newspapers, such sleight-of-hand would be trivial for future sleuths to spot (at least compared to combing through the entire Internet for an abandoned hash). Or, as per an anonymous suggestion relayed by Thomas Ptacek: just tattoo the signature on your body, then post some pics; there are only so many places for a tattoo to go.

Still, what was supposed to be a nice, scientific proof devolved into a bunch of hand-wavy arguments and poorly-quantified probabilities. For the sake of future abductees: is there a better way?

12 comments:

Thank you for the concerns about an eccentric billionaire publishing many hashes -- this is an excellent and expensive version of the real estate scam where you mail 1000 people a letter predicting a stock will go up or down (half of the time you will be right!). I'm very concerned that versus a universe of determined and malicious troll-billionaires, you might be in some real trouble. The financial rewards for being seen to be a successful Oracle are quite large -- so you can imagine your adversary is not just Evil Elon Musk[1].

Even the tattoo thing isn't all that great once you assume all the crazy things people do for money. "Here tattoo yourself with this QR code to advertise my product." "Oh, it didn't launch; ran out of funding!". Yours says Camacho is going to be Prez in 33? I've got one that says 32.

It hints at some paths forward though: If the prediction could be writ in a material which is priceless or one of a kind, maybe you get something stronger.

Here is a horrifying idea:

In the middle of the night, I sneak into General Sherman Grove, and laser my hash for the future on the surface of some one-of-a-kind-old redwood. There just aren't enough in the world for Evil Elon Musk to laser them all. The moving laser, having writ... Who cares if you're incarcerated? This is the end of the world, and you're *sure*.

That also suggests a disturbing avenue of crimes you commit with sentences up to the delta between now and the election. A wealthy adversary simply wouldn't be willing to use their life or convince enough people to do so. "Why the bullet I shot my neighbor with *had that very hash on it."

Here's another:

It's an important constraint on your problem that the resources are (let's say) the average middle class person. Otherwise the answer is you get Evil Elon Musk to fund a couple of Voyager class probes that beam the messages back constantly as they head out into the Oort cloud or something.

Another: The Bends

You want to put the message in some sort of box designed to sustain intense pressure, and drop it into the ocean. The box isn't anything special, but it detaches ballast after time T and floats to the surface. Since the geographical location is known to you (let's assume you're not dropping it in the deep in a place with current), it pops back up.

I need to think about this more, but the idea of Adversary who is willing to spend large sums to troll and/or benefit from this dark future totally changes the game!

I think it's particularly interesting to consider the authentication of predictions that are made without 100% certainty (hence my mention of frat boy aliens). You are *not* ready to bet your whole life on a prediction - otherwise, you could just write a book or start a cult, as to prime the society for the revelation in 2032 (and cement your role in the new order of things); there is no need for hidden proofs.

But if one part of the prophecy comes true, you want to be able to prove that you had this knowledge back in 2017, and more importantly, do so in a way that would not raise concerns that you're pulling off a prediction spamming attack (I'm betting that somebody is going to pull off a major one within the next 10 years, so I'd be expecting heavy skepticism past that point.)

A flaw with even the low-bandwidth medium approach is that, if there exist multiple such low-bandwidth media, one could likely get away with spamming predictions by spreading them across multiple such media. Maybe it's feasible to check that you hadn't taken out newspaper ads for thousands of possible hashes, but it gets harder to check that you haven't taken out one of those, stuck one into the acknowledgments of a book, wore a shirt bearing another in a television interview, tattooed another onto your body, and three dozen other options I haven't considered yet.

Yep. A lot hinges on whether the medium would appear as a natural first choice for the task. Newspaper ads probably fall into this bucket and have been used for similar purposes every now and then. A tattoo on your own butt may be another plausible pick. But again, it's all hand-wavy; maybe somebody is just really good at coming up with post-hoc justifications for why they put that particular hash in that particular spot.

As far as "but the hash could be broken in 15 years", I think that this is fine as long as people keep designing stronger hashes faster than they break them, and you keep publishing strong hashes of the document.

Every K years, you can hash the same document with the strongest algorithms known at the moment, and publish the hash using the same method. When you reveal your commitment, there is an at most K years old hash that everybody agrees you don't have a collision attack against, and this hash corresponds to one you published 2*K years ago with the strongest hash algorithm at the time. As long as there was no attack against the 2*K algorithm known K years ago, the two hashes must come from the same document -- which is also the one from 3*K years ago, etc.

This scheme stops working if one day all known hashes are broken at once, but then I believe that no hash-based scheme would work as none of the past hashes can be trusted anymore.
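The renewal argument from the comment above, written as a check a future verifier could run; this is an added example, not part of the original thread. The publication records and the break years in `BROKEN_IN` are sample inputs constructed for the example, and the function names are hypothetical.

```python
import hashlib

DOC = b"constructed sample prediction file"

# Sample input: year in which a practical attack on each algorithm is assumed
# to have become known. Algorithms absent from the table count as unbroken.
BROKEN_IN = {"sha1": 2017, "sha256": 2028}


def record(year, algorithm, document=DOC):
    """One publication event: (year, algorithm, hex digest of the document)."""
    return (year, algorithm, hashlib.new(algorithm, document).hexdigest())


def earliest_proven_year(document, records, broken_in, reveal_year):
    """Return the earliest year the chain proves the document existed, or None.

    Walk from the newest record back: a record counts only if its algorithm
    was still unbroken when the next-newer record was published (or, for the
    newest one, at reveal time). The first weak link ends the chain.
    """
    records = sorted(records)
    for _, algorithm, digest in records:
        if hashlib.new(algorithm, document).hexdigest() != digest:
            return None  # revealed file does not match a published digest
    proven = None
    deadline = reveal_year
    for year, algorithm, _ in reversed(records):
        broke = broken_in.get(algorithm)
        if broke is not None and broke <= deadline:
            break  # forgeable before the next link existed: older links void
        proven = year
        deadline = year
    return proven


if __name__ == "__main__":
    renewed = [record(2005, "sha1"), record(2015, "sha256"), record(2025, "sha3_256")]
    skipped = [record(2005, "sha1"), record(2025, "sha3_256")]
    print(earliest_proven_year(DOC, renewed, BROKEN_IN, 2032))  # full chain
    print(earliest_proven_year(DOC, skipped, BROKEN_IN, 2032))  # missed renewal
```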

I think Predestination Paradoxes are well explored in the literature. But if you are worried, just assume the goal of the problem is the pure drug of being able to say "But I was right" by keeping mum until the data certain, but then also producing proof you actually had this knowledge.

Write the prediction using a pint of your own blood. Write using large letters and/or duplicate the prediction to use up all the blood. Blood can apparently be dated to within a couple years. Presumably tech for this will get better over time, so tech advances help the opposite of the way that tech advances in computing hurt hashing.

I think if you seal the prediction in a giant block of lead, you'll be able to detect the absence of it having been exposed to background radiation for 30 years.

If you're confident you'll own a piece of property for 30 years, carve the prediction in a sapling in your front yard.

File a patent that incorporates the prediction. Could just include a prediction paragraph that doesn't have anything to do with the actual patent.

Write a novel and get it published. You'll probably have to go with a vanity publisher. If you're lucky and/or savvy, you'll get it into the Library of Congress.